Brought up to date the README and TODO files.

2006-10-10 14:47:19 +00:00 · 2006-10-10 14:47:19 +00:00 · 18e290e209
commit 18e290e209
parent ac412cb2cd
28 changed files with 567 additions and 64 deletions
--- a/CASA-auth-token/README
+++ b/CASA-auth-token/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for auth_token
@ -45,7 +68,7 @@ cached. Once the client is authenticated to the ATS, it then requests Authentica
 Tokens from it using the obtained Session Token. When an ATS receives a request for
 an Authentication Token, it then verifies the validity of the received Session Token
 and then it creates the appropriate Identity Token for the target service which it then
-embeds within the Authentication Token. The indentity information contained in the
+embeds within the Authentication Token. The identity information contained in the
 Identity Token as well as the type of Identity Token utilized depends on what is
 configured for the tatget service.
--- a/CASA-auth-token/java/README
+++ b/CASA-auth-token/java/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for auth_token
@ -45,7 +68,7 @@ cached. Once the client is authenticated to the ATS, it then requests Authentica
 Tokens from it using the obtained Session Token. When an ATS receives a request for
 an Authentication Token, it then verifies the validity of the received Session Token
 and then it creates the appropriate Identity Token for the target service which it then
-embeds within the Authentication Token. The indentity information contained in the
+embeds within the Authentication Token. The identity information contained in the
 Identity Token as well as the type of Identity Token utilized depends on what is
 configured for the tatget service.
--- a/CASA-auth-token/java/TODO
+++ b/CASA-auth-token/java/TODO
@ -13,5 +13,4 @@ details outstanding items at the project level.
 OUTSTANDING ITEMS
- Plug-in auth_token into the CASA make system.
+None.
--- a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes
+++ b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes
@ -1,3 +1,8 @@
 -------------------------------------------------------------------
 Tue Oct 10 08:45:22 MDT 2006 - jluciani@novell.com
 - Brought up to date the README and TODO files.
 -------------------------------------------------------------------
 Thu Sep 21 15:41:18 MDT 2006 - jluciani@novell.com
--- a/CASA-auth-token/java/server/Jaas/README
+++ b/CASA-auth-token/java/server/Jaas/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for JaasSupport
--- a/CASA-auth-token/java/server/Svc/README
+++ b/CASA-auth-token/java/server/Svc/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for AuthTokenSvc
@ -19,10 +42,10 @@ Identity Token Providers for the generation of Identity Tokens.
 ENVIRONMENT SETTINGS
-The following options must be set in the JAVA_OPTS setting before starting Tomcat
+The following options must be set in the JAVA_OPTS environment variable before
-to allow the Kerberos authentication mechanism to work properly:
+starting Tomcat to allow the Kerberos authentication mechanism to work properly
 with Sun's Java:
 -Djavax.security.auth.useSubjectCredsOnly=false
 -Djava.security.auth.login.config={replace with the path for JAAS configuration
                                   file for the service}
@ -44,14 +67,21 @@ com.sun.security.auth.module.Krb5LoginModule required
      keyTab="/etc/krb5.keytab";
 }
-Please adjust the ticketCache and principal setting to match your installation. 
+Please adjust the ticketCache and principal setting to match your installation.
 By default, AuthTokenSvc reads its configuration from the "conf" folder under
 the WEB-INF folder of the Tomcat Web Application ($CATALINA_HOME/webapps/CasaAuthTokenSvc/WEB-INF/conf).
 This can be over-ridden by setting the following option in the JAVA_OPTS environment variable:
 -Dcom.novell.casa.authtoksvc.config={replace with the path to the configuration
                                      folder}
 CONFIGURATION
-AuthTokenSvc configuration consists of multiple entities. Most of the AuthTokenSvc
+AuthTokenSvc configuration consists of multiple entities. The authTokenSvc configuration
-configuration is contained within the "conf" folder under the WEB-INF folder of the
+is contained within the "conf" folder under the WEB-INF folder of the application
-application. For an example configuration setup for the AuthTokenSvc see the
+($CATALINA_HOME/webapps/CasaAuthTokenSvc/WEB-INF/conf). For an example configuration setup
-sampleConf folder.
+for the AuthTokenSvc see the sampleConf folder.
 The location of the AuthTokenSvc configuration folder can be over-ridden by specifying
 a different path via the com.novell.casa.authtoksvc.config system property.
@ -60,7 +90,7 @@ CONFIGURING THE BASE SERVICE
 The ATS base settings are configured in the svc.settings file under the conf folder.
-Thhe following is an example svc.settings file:
+The following is an example svc.settings file:
 <?xml version="1.0" encoding="ISO-8859-1"?>
 <settings>
@ -110,23 +140,42 @@ Note the following about the sample svc.settings file:
 - The KeyStorePwd setting specifies the password of the user specified by KeyStoreUser to get
  the private signing key from the keystore.
 ATSs digitally sign tokens, for this purpose it is necessary that keys be generated and installed
 in a keystore whose location and properties are configured in the crypto.properties file present in
 the "classes" folder under the WEB-INF folder of the AuthTokenSvc application
 ($CATALINA_HOME/webapps/CasaAuthTokenSvc/WEB-INF/classes). Please note that you must edit the
 crypto.properties file with the appropriate information once the AuthTokenSvc is deployed to
 a Tomcat server.
 CONFIGURING SERVICES TO CONSUME CASA AUTHENTICATION TOKENS
-Services are configured to consume CASA authentication tokens by creating folders
+By default, an ATS will issue CASA authentication tokens to be consumed by any service
-under the conf/enabled_services folders. Since CASA distinguishes between services
+not explicitedly configured as a consumer in the ATS's configuration. This default
 behavior can be turned off by setting the following system property in the JAVA_OPTS
 environment variable:
 -Dcom.novell.casa.authtoksvc.enabled_svcs_only=true
 Services explicitedly configured as consumers of CASA authentication tokens by creating
 folders under the conf/anabled_services folder. Since CASA distinguishes between services
 of the same name existing in different hosts, the first folder that must be created
 is one for the host where the service resides. The host folder name must match the
-DNS name of the host where the service resides. Services are configured by creating
+DNS name of the host where the service resides unless the service resides in the same
-a folder under the appropriate host folder with a name matching the service name.
+host as the ATS in which case the host folder name must be "localhost". Services are
 configured by creating a folder under the appropriate host folder with a name matching
 the service name.
-Note when configuring services that the service name and the host names must match
+Note when configuring services that the service folder and the host folder names must match
-the service and host names specified by the client applications when requesting
+the service and host names specified by the client applications when requesting tokens to
-tokens to authenticate to them.
+authenticate to them with the exception of when the service resides in the same host as the
 ATS in which case the host folder name is "localhost" and the host name specified by the
 application is the host's DNS name.
 The services folder must contain an auth.policy file, an authtoken.settings file,
-and an identoken.settings file. In the absence of any one of those files, the ATS
+and an identoken.settings file. In the absence of any one of those files or if the service
-will default to utilizing the files present under its conf folder.
+is not explicitedly configured, the ATS will default to utilizing the files present under
 its conf folder.
 The auth.policy file specifies the authentication realms (or contexts) to which
 entities can authenticate to gain access to the service. The auth.policy file also
@ -140,7 +189,7 @@ The following is an example auth.policy file:
 	<auth_source>
 		<realm>CorpTree</realm>
 		<mechanism>Krb5Authenticate</mechanism>
-		<mechanism_info>host@tokenserver.company.novell.com</mechanism_info>
+		<mechanism_info>host/tokenserver.company.novell.com@KRB_REALM</mechanism_info>
 	</auth_source>
 	<auth_source>
 		<realm>CorpTree</realm>
@ -167,8 +216,8 @@ Note the following about the sample auth.policy file:
  specified for an auth_source entry.
 - The name of the Krb5 Authentication mechanism is "Krb5Authenticate". This mechanism
-  requires that you specify the service's kerberos principal name under the mechanism_info
+  defaults the service principal name to host/hostname@KERBEROS_REALM. You can use a
-  key.
+  different service principal name under the mechanism_info key.
 - The name of the username/password authentication mechanism is "PwdAuthenticate" and
  it does not require any information to be included under the mechanism_info key.
@ -213,7 +262,6 @@ The following is an example identoken.settings file:
 <settings>
 	<Attributes>sn,groupMembership,guid</Attributes>
 	<EncryptAttributes>false</EncryptAttributes>
 	<Certificate>Base64 encoded certificate</Certificate>
 </settings>
 Note the following about the sample identoken.settings file:
@ -232,10 +280,6 @@ Note the following about the sample identoken.settings file:
  the file present in its conf folder (Attribute encryption is not yet supported
  by the Casa identity token provider).
 - The Certificate setting specifies the certificate that must be utilized to encrypt
  identity attribute data. The certificate contains the public key of the targeted
  service. The certificate data is Base64 encoded.
 - The identoken.settings file can also contain additional identity token provider
  specific settings.
@ -268,22 +312,22 @@ mechanism:
 <settings>
 	<ClassName>com.novell.casa.authtoksvc.Krb5Authenticate</ClassName>
 	<RelativeClassPath>WEB-INF/classes</RelativeClassPath>
-	<ServicePrincipalName>host@authtokenserver.company.com</ServicePrincipalName>
+	<ServicePrincipalName>host</ServicePrincipalName>
 </settings>
 The base AuthTokenSvc package contains two authentication mechanisms, these are
 Krb5Authenticate and PwdAuthenticate. The configuration under sampleConf is set up
 to allow an AuthTokenSvc to leverage both mechanisms.
-The Krb5Authenticate mechanism requires that the following setting also be included
+The Krb5Authenticate mechanism defaults the service principal name to "host/hostname",
-in its mechanism.settings file:
+you can over-ride this parameter by adding the following entry to its mechanism.settings file:
 ServicePrincipalName - This is the name of the Kerberos Service Principal that the
 Authentication Token Service runs as when authenticating other entities.
 CONFIGURING ADDITIONAL IDENTITY TOKEN PROVIDERS
- TBD -
+<This feature is not currently supported>
 SECURITY CONSIDERATIONS
--- a/CASA-auth-token/java/server/Svc/TODO
+++ b/CASA-auth-token/java/server/Svc/TODO
@ -10,12 +10,9 @@ This file contains a list of the items still outstanding for AuthTokenSvc.
 OUTSTANDING ITEMS
- Switch to a Web Services model where the Client/Server protocol uses SOAP.
+- Switch to a Web Services model where the Client/Server protocol uses SOAP.(This is under evaluation).
 - Switch to use WS-Security, WS-Policy, and WS-Conversation for Authentication Tokens and Session Tokens.
 - Add code to verify that client/server communications occur over HTTPS.
 - Add logging.
 - Create plug-in API for Identity Token Providers.
 - Integrate into CASA build environment.
 - Review Code.
 - Change printfs used for debugging into a suitable mechanism.
--- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthToken.java
+++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthToken.java
@ -37,6 +37,9 @@ import org.apache.axis.message.MessageElement;
 import javax.xml.namespace.QName;
 import java.io.*;
 // Un-comment the following line to print Authentication Token Messages
 //import org.apache.axis.utils.XMLUtils;
 /*
 * AuthToken Class.
@ -113,6 +116,9 @@ public class AuthToken
                                                  svcConfig,
                                                  (targetHost.compareTo("localhost") == 0) ? false : true);
            // Un-comment the following line to print Authentication Token Messages
            //XMLUtils.PrettyElementToWriter(authTokenMessage.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
            // Now save the message as a string
            OutputStream outStream = new ByteArrayOutputStream();
            authTokenMessage.writeTo(outStream);
--- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/Krb5_mechanism.settings
+++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/Krb5_mechanism.settings
@ -3,5 +3,4 @@
 	<description>This is the authentication mechanism for the Krb5Authenticate scheme. The Krb5Authenticate scheme authenticates entities using Kerberos-V tokens.</description>
 	<ClassName>com.novell.casa.authtoksvc.Krb5Authenticate</ClassName>
 	<RelativeClassPath>WEB-INF/classes</RelativeClassPath>
 	<ServicePrincipalName>Specify the service's kerberos principal name</ServicePrincipalName>
 </settings>
--- a/CASA-auth-token/non-java/README
+++ b/CASA-auth-token/non-java/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for auth_token
@ -45,7 +68,7 @@ cached. Once the client is authenticated to the ATS, it then requests Authentica
 Tokens from it using the obtained Session Token. When an ATS receives a request for
 an Authentication Token, it then verifies the validity of the received Session Token
 and then it creates the appropriate Identity Token for the target service which it then
-embeds within the Authentication Token. The indentity information contained in the
+embeds within the Authentication Token. The identity information contained in the
 Identity Token as well as the type of Identity Token utilized depends on what is
 configured for the tatget service.
--- a/CASA-auth-token/non-java/TODO
+++ b/CASA-auth-token/non-java/TODO
@ -13,5 +13,4 @@ details outstanding items at the project level.
 OUTSTANDING ITEMS
- Plug-in auth_token into the CASA make system.
+- Allow the Windows client to be built under Cygwin.
--- a/CASA-auth-token/non-java/client/README
+++ b/CASA-auth-token/non-java/client/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for libcasa_c_authtoken
@ -17,8 +40,8 @@ libcasa_c_authtoken utilizes mechanism plug-ins for authenticating to ATSs.
 The client auth_token package installs mechanisms for the support of Kerberos5
 and Username/Password authentication. To configure additional authentication mechanism
 plug-ins, place their configuration file in the folder for CASA Authentication Token module
-configuration. The path to this folder under linux is /etc/opt/novell/CASA/authtoken.d/modules.d.
+configuration. The path to this folder under linux is /etc/CASA/authtoken.d/client.d/mechanisms.d/.
-The path to this folder under Windows is \Program Files\novell\CASA\auth\mechanisms. The name of
+The path to this folder under Windows is \Program Files\novell\CASA\Etc\Auth\Mechanisms\. The name of
 the plug-in configuration file is related to the authentication mechanism type in the following
 manner: AuthenticationMechanismTypeName.conf.
--- a/CASA-auth-token/non-java/client/TODO
+++ b/CASA-auth-token/non-java/client/TODO
@ -10,9 +10,4 @@ This file contains a list of the items still outstanding for libcasa_c_authtoken
 OUTSTANDING ITEMS
- Implementation of Linux specific code.
+None.
 - Re-structure the token cache to differentiate between Session Tokens and Authentication Tokens.
 - Use the CASA cache as the token store.
 - Switch Client/Server protocol to use SOAP Messages.
 - Enable communications over HTTPS instead of over HTTP.
--- a/CASA-auth-token/non-java/client/csharp/README
+++ b/CASA-auth-token/non-java/client/csharp/README
@ -0,0 +1,68 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for Novell.Casa.Client.Auth CSHARP Library
 *
 ***********************************************************************/
 INTRODUCTION
 Novell.Casa.Client.Auth CSHARP Library provides a class for CSHARP client
 applications to obtain authentication tokens from the CASA Authentication
 Token Infrastructure.
 CLIENT APPLICATION PROGRAMMING NOTES
 The Novell.Casa.Client.Auth.Authtoken class provides static method ObtainAuthToken()
 to allow client applications to obtain CASA Authentication Tokens. The caller must
 supply the name of the service to which it wants to authenticate along with the name
 of the host where it resides to the static method. The returned authentication token
 is a Base64 encoded string.
 Applications utilizing CASA Authentication Tokens as passwords in protocols that require the
 transfer of user name and password credentials should verify or remove any password length limits
 as the length of CASA Authentication Tokens may be over 1K bytes. The size of the CASA Authentication
 Tokens is directly dependent on the amount of identity information configured as required by the
 consuming service. These applications should also set the user name to "CasaPrincipal".
 For examples of code which uses the Novell.Casa.Client.Auth.Authtoken class look at the test
 application under the test folder.
 SECURITY CONSIDERATIONS
 CASA Authentication Tokens when compromised can be used to either impersonate
 a user or to obtain identity information about the user. Because of this it is
 important that the tokens be secured by applications making use of them. It is
 recommended that the tokens be transmitted using SSL.
--- a/CASA-auth-token/non-java/client/csharp/TODO
+++ b/CASA-auth-token/non-java/client/csharp/TODO
@ -0,0 +1,15 @@
 /***********************************************************************
 *
 *  TODO for Novell.Casa.Client.Auth CSHARP Library
 *
 ***********************************************************************/
 INTRODUCTION
 This file contains a list of the items still outstanding for the
 Novell.Casa.Client.Auth CSHARP library.
 OUTSTANDING ITEMS
 - Include it in the Linux Client build/rpm.
--- a/CASA-auth-token/non-java/client/mechanisms/krb5/README
+++ b/CASA-auth-token/non-java/client/mechanisms/krb5/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for krb5mech
--- a/CASA-auth-token/non-java/client/mechanisms/krb5/TODO
+++ b/CASA-auth-token/non-java/client/mechanisms/krb5/TODO
@ -10,5 +10,4 @@ This file contains a list of the items still outstanding for krb5mech.
 OUTSTANDING ITEMS
- Implementation of Linux specific code.
+None. 
--- a/CASA-auth-token/non-java/client/mechanisms/pwd/README
+++ b/CASA-auth-token/non-java/client/mechanisms/pwd/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for pwmech
--- a/CASA-auth-token/non-java/client/mechanisms/pwd/TODO
+++ b/CASA-auth-token/non-java/client/mechanisms/pwd/TODO
@ -10,5 +10,4 @@ This file contains a list of the items still outstanding for pwmech.
 OUTSTANDING ITEMS
- Implementation of Linux specific code.
+None. 
--- a/CASA-auth-token/non-java/package/linux/CASA_auth_token_native.changes
+++ b/CASA-auth-token/non-java/package/linux/CASA_auth_token_native.changes
@ -1,3 +1,14 @@
 -------------------------------------------------------------------
 Tue Oct 10 08:46:22 MDT 2006 - jluciani@novell.com
 - Brought up to date the README and TODO files. 
 -------------------------------------------------------------------
 Mon Oct  9 09:28:37 MDT 2006 - jluciani@novell.com
 - Cleaned up compiler warnings that were present in some of the
  components. 
 -------------------------------------------------------------------
 Fri Oct  6 14:22:54 MDT 2006 - schoi@novell.com
--- a/CASA-auth-token/non-java/server/ApacheSupport/2.2/README
+++ b/CASA-auth-token/non-java/server/ApacheSupport/2.2/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for mod_authn_casa
@ -35,9 +58,10 @@ for authenticating requests issued to mod_example:
    Require valid-user
 </Location>
-Note that the name specified in the AuthName directive should match the name
+The AuthName directive specifies the name of the authentication REALM relayed
-configured under CASA for the authentication realm used by CASA to obtain
+by the server to HTTP clients when requesting that the they authenticate using
-identity information for the service.
+the Basic Authentication scheme. The AuthName can be used by the HTTP client to
 realize that the server is expecting CASA Authentication Token materials.
 mod_authn_casa supports the following configuration directives:
--- a/CASA-auth-token/non-java/server/AuthTokenValidate/README
+++ b/CASA-auth-token/non-java/server/AuthTokenValidate/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for libcasa_s_authtoken
@ -16,9 +39,8 @@ module to perform the credential validation. To facilitate this, CASA Authentica
 provides PAM, Apache, and JAAS modules that can be used to validate credentials containing
 CASA Authentication tokens,
-CONFIGURING TRUSTED AUTHENTICATION TOKEN SERVICES
+libcasa_s_authtoken relies on the CasaAuthtokenValidateD service in order to perform its
-
+functions. To learn more about CasaAuthtokenValidateD see the Svc folder.
 tbd. Add info about the installation of public certificates and trusted certificate authorities.
 CONFIGURING ADDITIONAL IDENTITY TOKEN PROVIDER MODULES
@ -30,7 +52,7 @@ is configured for CASA Authentication. The default identity token type is CasaId
 libcasa_s_authtoken supports different identity token types through an API that allows for the
 configuration of different Identity Token Provider plug-ins. An Identity Token Provider plug-in
 is configured by placing a configuration file for the plug-ins in the
-/etc/opt/CASA/authtoken.d/modules.d folder. The name of the plug-in configuration file is related
+/etc/CASA/authtoken.d/modules.d folder. The name of the plug-in configuration file is related
 to the identity token type in the following manner: IdentityTokenTypeName.conf.
 Identity Token Provider plug-in configuration files must must contain a directive indicating the
--- a/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/README
+++ b/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/README
@ -0,0 +1,80 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for CasaAuthtokenValidateD
 *
 ***********************************************************************/
 INTRODUCTION
 CasaAuthtokenValidateD provides a service that is utilized by libcasa_s_authtoken
 for the validation of CASA Authentication Tokens.
 Processes executing libcasa_s_authtoken communicate with CasaAuthTokenValidateD via
 domain sockets. CasaAuthTokenValidateD validates authentication tokens by invoking
 the appropriate CASA Authentication Token Java classes.
 COMMAND LINE PARAMETERS
 CasaAuthtokenValidateD has the following command line parameters:
   -b BeginThreads
      Optional parameter that specifies the initial number of threads utilized by the
      service to process requests.
   -g GrowThreads
      Optional parameter that specifies the number of threads by which the service can
      grow its thread pool utilized for processing requests.
   -m MaxThreads
      Optional parameter that specifies the maximum number of threads that the service
      can have in its thread pool for processing requests.
   -D DebugLevel
      Optional parameter that specifies the level used for logging debugging information.
      0 being the lowest debug level.
   -d
      Optional parameter that specifies that the service must be run as a daemon.
 SECURITY CONSIDERATIONS
 Appropriate rights need to be set on the folder used by CasaAuthtokenValidateD to
 create its listeing socket to keep other services from hijacking it and taking on
 the validation of CASA authentication sockets. CasaAuthtokenValidateD creates its
 listen socket in the /var/lib/CASA/authtoken/validate/ folder.
--- a/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/TODO
+++ b/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/TODO
@ -0,0 +1,13 @@
 /***********************************************************************
 *
 *  TODO for CasaAuthtokenValidateD
 *
 ***********************************************************************/
 INTRODUCTION
 This file contains a list of the items still outstanding for CasaAuthtokenValidateD.
 OUTSTANDING ITEMS
 None.
--- a/CASA-auth-token/non-java/server/AuthTokenValidate/TODO
+++ b/CASA-auth-token/non-java/server/AuthTokenValidate/TODO
@ -10,6 +10,4 @@ This file contains a list of the items still outstanding for libcasa_s_authtoken
 OUTSTANDING ITEMS
- Change AuthTokens to be SOAP messages secured with WS-Security and WS-Trust.
+None.
 - Implement CheckAuthToken().
 - Finish README documentation.
--- a/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/README
+++ b/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for casa_identoken
--- a/CASA-auth-token/non-java/server/PamSupport/README
+++ b/CASA-auth-token/non-java/server/PamSupport/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for pam_casaauthtok
--- a/CASA-auth-token/non-java/utilities/IpcLibs/README
+++ b/CASA-auth-token/non-java/utilities/IpcLibs/README
@ -1,3 +1,26 @@
 /***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
 /***********************************************************************
 *
 *  README for IpcLibs
`@ -13,5 +13,4 @@ details outstanding items at the project level.`

	`OUTSTANDING ITEMS`	`OUTSTANDING ITEMS`

	`- Plug-in auth_token into the CASA make system.`	`None.`
`@ -10,5 +10,4 @@ This file contains a list of the items still outstanding for krb5mech.`

	`OUTSTANDING ITEMS`	`OUTSTANDING ITEMS`

	`- Implementation of Linux specific code.`	`None.`